Out-Law / Your Daily Need-To-Know

FOCUS: Retailers, insurers, car manufacturers and the fast-growing software company Uber are among the businesses that should take note of the increased regulatory scrutiny being placed on restrictions of access to data.

EU competition commissioner Margrethe Vestager, the UK's Financial Conduct Authority (FCA) and the European data protection supervisor have all recently stated views on the issue of big data and competition.

The collective message that can be taken from the comments is that companies that unfairly restrict rivals' access to datasets risk breaching competition laws and becoming liable for substantial financial penalties of up to 10% of their annual global turnover.

Increased scrutiny of big data and the interaction with competition law

Data is becoming an increasingly important asset for businesses. With the right information and use of analytics tools, companies can glean the insights necessary to improve products and services, increase efficiencies or understand customers better. Businesses that control access to such data can obtain a competitive advantage and can, where the information is rare or even unique, serve as gatekeepers to markets in respect of enabling rivals' access to that data.

Where gatekeepers abuse a position of dominance they can fall foul of competition rules. Even if they are not dominant in a market, businesses that have contracts with third parties that restrict access to data can, potentially, be found to be in breach of rules prohibiting anti-competitive agreements.

The European Commission has a history of clamping down on companies that act as gatekeepers to markets where they feel those businesses do not do enough to allow others to compete for customers. A leading example is the 2004 case where the Commission sanctioned Microsoft for failing to give rivals the information needed to make sure their technology worked with Microsoft Windows operating systems on reasonable terms.

Recently EU competition commissioner Margrethe Vestager explained that the European Commission would frown upon businesses that restrict others' access to "unique" data, suggesting that the data in question must be able to confer some type of competitive advantage to those that hold it in order for restrictions on access to it to trigger the concerns of the EU's foremost competition authority.

Specifically, Vestager said: "We shouldn't be suspicious of every company which holds a valuable set of data. But we do need to keep a close eye on whether companies control unique data, which no one else can get hold of, and can use it to shut their rivals out of the market. That could mean, for example, data that's been collected through a monopoly."

The competition commissioner said the Commission "won't hesitate to take action" where it sees that there are unjust restrictions on access to data in place.

Vestager's comments suggest the Commission takes a similar view on the issue of data access restrictions and competition law compliance as the UK's Competition and Markets Authority (CMA). Last year the CMA expressed its view that whether or not a company's use of consumer data breaches competition law will be influenced by the value of the information they have access to.

The FCA is another UK authority that has examined big data. Late last year it took a look into whether insurers' use of big data fosters or constrains competition through a call for inputs exercise. In reporting the outcome of its consultation last week, the FCA said that it had not seen evidence that prospective new entrants to insurance markets face barriers to entry because they have difficulty "accessing complex datasets". It said, though, that it was aware such problems could arise in future.

European data protection supervisor Giovanni Buttarelli has also taken an interest in the interaction between data privacy and competition rules, particularly in the context of EU merger control rules. In a newly issued opinion Buttarelli said the merger control regime should be updated to "better reflect" consumer interests when it comes to planned mergers between data-rich companies.

Buttarelli referred to the fact that many such mergers can escape scrutiny by competition authorities because the triggers for notifying deals to the authorities are based on the financial size of the companies concerned and do not take account of how much personal data they have access to.

In his opinion, Buttarelli called for a new 'digital clearing house' to be set up to bring different regulators with different competencies across EU digital markets together. The clearing house could, among other things, produce guidelines setting out "theories of harm’ relevant to merger control cases and to cases of exploitative abuse" that are based on "data protection and consumer protection standards".

He said the clearing house could also allow authorities to look at possible "regulatory solutions for certain markets where personal data is a key input as an efficient alternative to legislation on digital markets which might stifle innovation".

Buttarelli's recommendation is a sign that issues of data privacy, consumer protection and competition law could be considered more closely by enforcement agencies in future.

Data portability

Much of the data being generated in today's digital world can be traced back to individuals, meaning the information qualifies as personal data and is subject to data protection laws.

New EU data protection rules set to apply from 25 May 2018 will provide consumers with new data portability rights. It will require companies, upon request, to transfer consumer's data to them in "a structured, commonly used and machine-readable format" to enable consumers to share the data with rival service providers for the purposes of switching.

The data portability rules under the General Data Protection Regulation should be an enabler of competition in digital markets. However, compliance with those rules might not be sufficient for companies to escape competition law scrutiny over access to data.

It might transpire that a business can be both wholly compliant with their data portability obligations under the GDPR but be considered to be failing to share sufficient data with rivals under competition rules.

The GDPR will also not impact businesses' access to non-personal data. Competition law enforcement in the area of data access is therefore likely to remain a relevant risk for businesses.

It is easy to envisage a large number of businesses across many different sectors acting as a gatekeeper to data that could help them obtain a competitive advantage in a market over rivals, whether it is banks, online betting companies or energy suppliers.

In the retail market, for example, loyalty card data can offer useful insights into customer spending habits and preferences that many rival retailers and other businesses across sectors would love access to.

Manufacturers of so-called 'connected cars' might also come in for scrutiny if they exploit data for the purposes of selling maintenance and repair services and shut out rivals from the market in the process. Insurers might also wish to access the data to better price car insurance premiums. Failing to share the data with insurers on non-discriminatory terms could expose car manufacturers to the risk of breaching competition rules.

Telematics data collected by businesses active in the car insurance market is another potentially valuable dataset. It potentially offers holders of that data the chance to cross-sell location-based services in downstream markets. Giving access to the data to some restaurant businesses, for example, on favourable terms while inhibiting or precluding their rivals from also accessing the data could land those companies in trouble.

Uber is another gatekeeper to data. It generates and gathers a lot of information about its passengers which, with a bit of piecing together and analysis, could reveal where people live or work and a lot about their social habits. That could be useful data to companies that want to target restaurant or delivery services at those consumers, for example.

Uber is a fast-growing business and has already shown that it is willing and able to move quickly into new markets. It may find innovative uses for the data it collects itself or look to monetise the information through agreements with companies in other markets.

All businesses with valuable datasets should be careful about shutting out others from that data altogether, such as by putting in place exclusivity agreements with selected partners, or from imposing different terms and conditions, including charges, on other companies in relation to their access to the data. Acting in a discriminatory fashion is likely to be viewed dimly by competition authorities in this developing area of law.

Guy Lougher is a competition law expert at Pinsent Masons, the law firm behind Out-Law.com.